Connect with the Cloudflare Community

5xx Server Error

Overview

Generally, 5xx error codes indicate that an error or unresolvable request occurred on the server side, whether that is a proxy or the origin host. The server was able to detect the error and thus will not return the potentially malformed response to the client.

These error codes be used as a response to any request method.

The origin server should include an explanation, which should be displayed by User-Agent, with the exception of a HEAD request. The following errors are typically returned by the origin web server.

The origin web server has encountered an unexpected condition and was unable to fulfill the request. This is a blanket error message for any internal errors that prevented the origin web server from fulfilling the request and that were not caught at the origin.

In the rare event that an exception throw with the Cloudflare edge or an internal DNS timeout occurred, Cloudflare will return a 500 with the page stating "cloudflare". If you don't see this, the issue is occurring at the origin web server and you should work with your hosting provider to address the issue.

Back-end web servers are not communicating correctly.Three reasons why this can occur:

The origin web server is not configured to handle the requested domain name at the targeted IP address. This may happen when DNS records change. Keep in mind that DNS TTL determines how long a record is valid in the DNS cache.

The server at the origin is overloaded or unreachable at the time the request was made. This could be due to the server crashing, traffic spikes, or lack of connectivity to the server.

An application or service used at your origin is either timing out or being blocked.

If the error includes Cloudflare branding, then it's coming directly from the origin server:

In the unlikely to see a 502 error without the branding shown above but with “cloudflare” (see image below). If you see the error version shown below, file a support ticket immediately and include the output of your site CND trace (go to yoursite.com/cdn-cgi/trace and copy/paste the contents). This might mean there are potential issues at the local Cloudflare datacenter. We may also serve this when your origin is returning both compressed and uncompressed data.

The origin web server is overloaded or having maintenance issues and unable to handle the request at this time.

The retry header may be included by the server to specify an appropriate time for the client to retry the request.

Note that not all web servers will serve this response. Some will simply refuse or drop the connection. If a drop in communication happens from the origin web server to Cloudflare, a 522 error response is generated.

The origin web server cannot or does not wish to support the HTTP version requested by the client.

The server should indicate why it would not support that version.

Cloudflare Specific Status Codes

In order to help website owners determine why a user’s request that was proxied through Cloudflare resulted in an error, Cloudflare implements custom HTTP status codes. The status codes add human-readable details to what is going on with the backend.

Cloudflare generates an entire response and messaging when one of the error conditions is met. The behavior of the origin web server toward a Cloudflare request is what determines which of these status codes will be used; however, the status code is not delivered from the origin web server.

Paying customers can customize and brand these error pages. Having custom error pages helps provide a consistent experience for your users, even in the event of a page load error. Read more about Custom Error Pages.

520 Unknown Error from Web Server

This is a catch-all response for when the origin web server returns something unexpected or something that is not tolerated/interpreted (protocol violation or empty response).

While the 520 error can be triggered by very unique and strange edge-case scenarios, they are generally caused by:

521 Web Server is down

This error response indicates the origin web server refused the connection from Cloudflare. This means Cloudflare tried to connect to your origin web server on port 80 or 443 but received a connection refused error. The origin web server is actively refusing the request, so this is not a network error.

522 Connection Timed Out

This Error response occurs when establishing a TCP connection with the origin web server and Cloudflare.

When someone visits a Cloudflare-enabled website, a connection is established between Cloudflare and the site's origin web server. To establish a connection, TCP uses a three-way handshake.

SYN: Cloudflare sends three SYN packets to the origin server.

SYN+ACK: In response, the origin server replies with a SYN+ACK.

ACK: Finally, Cloudflare sends an ACK back to the origin server.

At this point, both Cloudflare and the origin server have received an acknowledgement that the connection and communication was established. If the origin web server does not send a SYN+ACK back to Cloudflare within 15 seconds, a 522 error will occur and the connection is closed.

524 A timeout occurred

Cloudflare was able to make a TCP connection to the origin, but the origin did not reply with an HTTP response before the connection timed out. The Cloudflare edge will typically wait for an HTTP response from your server for 100 seconds.

If no response is sent by your server in that time, we close the connection and serve a 524 error page.

525 SSL handshake failed

This error indicates that a failure in the SSL handshake between Cloudflare and the origin server that hosts the domain has occurred. This means that Cloudflare is set to use Full SSL in the Cloudflare settings for the domain, so Cloudflare attempts to make a connection using SSL (for requests beginning in https://) to the web server that hosts the domain.

527 Railgun Listener to Origin Error

The request timed out or failed after the WAN connection had been established. This could result from an interruption or anomaly upstream from the Railgun Sender in the path to the Listener at the site origin web server.

527 error could also occur due to an issue within the host environment when the Railgun Listener is unable to complete or establish a connection to the origin web server to receive a requested page.

530 Origin DNS Error

Cloudflare cannot resolve the A or CNAME DNS record requested. Even if Cloudflare’s Anycast address is resolving correctly, the record that should be specified in the DNS app of your Cloudflare dashboard cannot be found or is a CNAME record to an external domain that cannot be resolved.

The Error Message the browser will see will show a 1016 error, but the actual HTTP response code is 530.